F-Secure warns of flaw in its own software

Critical vulnerability in the security vendor's antivirus software could allow hackers to launch denial-of-service attacks against users

F-Secure has issued a 'critical' alert for a vulnerability in its own antivirus software.

According to an F-Secure security bulletin, several of its products have a buffer-overflow vulnerability in processing LHA archives. LHA is a compression utility. The vulnerability could allow an attacker to execute arbitrary code or to create a denial-of-service condition.

Various versions of F-Secure's software for both Windows and Linux are affected. The security vendor has suggested a range of fixes in the bulletin.